SSH tunnel to use other mailserver than localhost

Because I have a lot of virtual machines, laptops, work environments, and so on, I never seem to find the time to setup SMTP authentication everywhere. I typically use Linux for everything except hardcore gaming, so it’s only natural that I have some sort of mail server installed like Postfix. The problem in using that mail server to send e-mail is that I also quite often have dynamic IP addresses on these machines, which doesn’t work well with “e-mail protection” (well..) like SPF.

So instead of making my life very complicated, I have a trusted server on the Internet through which I send e-mail.

If you were looking for something fancy in this article, you can move along now, there’s nothing to see 🙂

To make all my Linux work instances believe they’re talking to an SMTP server locally, I simply setup a tunnel from the given Linux instance to this trusted server on the Internet using the ever so versatile OpenSSH / SSH. I know there are a lot of ways to do this, but this is what works for me:

Local machine or “where I work”

I have a private/public key keypair on all of these machines. The public key is placed in the /root/.ssh/authorized_keys file on the trusted server that is running the mail server.

On this machine, as root, I setup a tunnel that looks like this:

ssh -N -L 25:localhost:25 root@mail.example.org -p 2222

This will create a tunnel from “localhost” port 25 (where I work) to “localhost” port 25 on mail.example.org. It will connect the end point of the tunnel to mail.example.org on port 2222. If the mail.example.org server is running an SSH server on its standard port (22), you can remove the “-p 2222” part.

Mail server

On this server, I only need to put the public key from the local machine “where I work” into /root/.ssh/authorized_keys to allow the tunnel to come up.

When I access port 25 on my local machine “where I work”, it will be sent through the tunnel and then attempt to access “localhost” port 25 on the mail server. The mail server software, Postfix in my case, will never know this connection did not actually originate from “inside” the machine, but rather through the tunnel.

Closing thoughts

You can (obviously) make this somewhat more automated with tools like AutoSSH, init scripts, and what not. The above only intends to show how uncomplicated it is to create useful SSH/SMTP tunnels 🙂

 

SSH keys are no longer working after upgrading to Ubuntu 16.04.LTS – Help!

I recently upgraded one of my laptops to Ubuntu 16.04.LTS (going from 14.04.LTS). The upgrade went very smooth and I have no issues with the resulting operating environment 🙂 Having said that, I quickly discovered a quite serious issue for me when I attempted connecting to one of many servers I need to get into. All of a sudden, my SSH key was no longer accepted by the server, and I was prompted for a password! WTF!?

I immediately feared the worst and started looking at the server(s), tailing log files, enabling debugging, etc. No trace was to be found other than that no key was presented by the client. The servers were intact, the authorized_keys had not been compromised, and vanilla ice cream was still the number one flavor. The problem is not with Ubuntu 16.04.LTS. The problem is with my SSH key, as well as a recent change in “acceptable keys” by OpenSSH, version 7.

Doing “ssh -vvv user@server.com” told me that the SSH client couldn’t find an acceptable key to present to the server. After having figured that out, and facepalming for a few seconds, I added this to my /etc/ssh/ssh_config file:

PubkeyAcceptedKeyTypes=+ssh-dss

Saved the file and tried again. Voila! One could say many things about using this type of SSH key, but rest assured I will change mine. You should too if you run into this problem. This is a workaround, not a fix or a solution. So sit down with some vanilla ice cream (with actual vanilla) and something nice to drink and go through the process of replacing your public SSH keys everywhere.

Bye bye NetBeans, still fails on remote projects, cannot detect source file changes

So NetBeans 7.x is out since a few months. With many new functions, new and updated plugins, a lot of bugfixes, etc. Fantastic! Go NetBeans!

And just because I’m a sucker for punishment, I open up a new PHP project, select a WordPress site where I do some plugin sandbox development, enter all the parameters NetBeans wants, and click “OK”.

And … NetBeans starts doing its normal routine of scanning the remote (via SSH) directories, asks me to confirm that I want to download some 1714 files to my local computer, and when I do (why wouldn’t I, right?), it begins its glorious work.

In the meantime, I set-up a new project using ActiveState’s Komodo 6.13 IDE, I point it to the same server and directory and click “OK”. Three seconds later, I have my project.

NetBeans you ask? Oh, it’s still downloading. My Internet connection is too slow (it’ll max out around 20 mbit/s) of course .. I should have at least 100 mbit/s, or possibly GB/s. Because if you want to do NetBeans development on remote servers and do it the “proper NetBeans way”, you STILL have to download your entire project locally.

I could live with that rather awkward way of doing things if NetBeans could only detect changes to the file(s) on the remote. As it is now, and as it has been for many years with NetBeans, it’ll simply consider itself to be the master, and overwrite whatever is on the server.

Of course I’m doing it all wrong. I should use version control, I should not expect myself to be able to use my workstation as a terminal to the server. I mean, those days are gone, right? We ARE in the MODEM ERA of Internet, where you REALLY wanted to do EVERYTHING LOCALLY due to bandwidth limitations, etc.

Oh no, wait .. this is 2011 .. everyone but your pet is connected 24/7/365.

So, I think now that NetBeans have shown (again), that they have no intention of EVER fixing this problem, I’ll just do rm -r -f and be happy. And what’s more, so will the rest of the NetBeans community, because they won’t need to listen to me whining about it 🙂

Bye Bye NetBeans.

#NetBeans #IDE #PHP #fail #SSH #remote #development